Burp is an HTTP intercepting proxy. It means you will use it to intercept the communication between your browser and, for example, an application you are testing. Burp has many other features, like you see those modules in here: Proxy, Spider, Scanner. We won’t be covering all of them today, but I want to show you five favorite features of mine, which I’m using in every pen test.

I’m going to talk about one of the TOP-5 most important things that need to be checked in the Active Directory, Permission Delegation. This is quite overlooked security topic. However, it’s very important to understand how permissions are working in active directory. What are the paths for a potential attacker to compromise our environment and how we can defend ourselves from potential attack?

Today we gonna be talking about Nmap Scripting Engine, NSE. Nmap itself is a very interesting tool and can give penetration testers huge amount of information about network and systems connected to it. Nmap Scripting Engine is a powerful tool on top of Nmap, which allows us to automate some things that Nmap is doing during scanning.